<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" href="/style.css" type="text/css" /> <script type="text/javascript" src="/jquery.min.js"></script> <title>CERN Computer Security Information</title> <script type="text/javascript"> $(document).ready(function(){ // Menu highlight var path = location.pathname.split("/"); if ( path ) { $('#main_menu a[href*="' + path[1] + '"][class!="noselect"]').addClass('selected'); // path[3] = /security/<xxxxx>/ $('#sidebar ul.sidemenu li[class!="noselect"]:has(a[href$="' + path.reverse()[0] + '"])').addClass('selected'); } // Add icon to external links $('a[id!=logo-img]').filter(function() { return this.hostname && this.hostname !== location.hostname; }).after(' <img src="/images/external_link.png" alt="external link" title="external link"/>'); }); </script> </head> <body> <div id="wrap"> <div id="top-bg"></div> <!--header --> <div id="header"> <div id="logo-text"> <a id="logo-img" href="https://home.cern/"><img src="/images/CERNLogo2.png" width="59" height="59" style="margin: 10px" alt="CERN Logo"/></a><div id="logo-text-big"><a href="/home/en/index.shtml" title="">CERN Computer Security</a></div> </div> <div id="header-logo"><a href="/services/en/emergency.shtml"><img width=335 src="/images/emergency.png" alt="Computer Emergencies"/></a></div> </div> <!--header ends--> <div id="header-photo"></div> <!-- navigation starts--> <div id="nav"> <ul id="main_menu"> <li><a class="noselect" href="/home/fr/index.shtml"><img src="/images/fr.png" alt="FR"/></a></li> <li><a href="/home/en/index.shtml">Home</a></li> <li><a href="/rules/en/index.shtml">Computing Rules</a></li> <li><a href="/recommendations/en/index.shtml">Recommendations</a></li> <li><a href="/training/en/index.shtml">Training</a></li> <li><a 
href="/services/en/index.shtml">Services</a></li> <li><a class="secured" href="/reports/en/index.shtml">Reports &amp; Presentations</a></li> </ul> </div> <!-- navigation ends--> <!-- content-wrap starts --> <div id="content-wrap"> <div id="main"> <a name="Aims of Operational Circular Nº5"></a><h2>Aims of Operational Circular Nº5</h2> <em class="titledate">2000/06/19 by CSO</em> <p>This document is an informal description of CERN policies with respect to its computing facilities. It introduces <a href="/rules/en/OC5_english.pdf">Operational Circular Nº5</a> (OC5) in an informal style with the intention of presenting its salient features in a reader-friendly way. Please note, however, that <a href="/rules/en/OC5_english.pdf">OC5</a> remains the only official document for legal reference.</p> <h4>Introduction</h4> <p><a href="/rules/en/OC5_english.pdf">OC5</a> sets out the basic rules of use for all computing facilities at CERN. As the field of computing is evolving at a rapid rate, we needed to find a way to cover the general aspects of the use of CERN computing facilities while also permitting a more flexible way of managing rules of use related to new aspects of computing facilities or to changes in technology.</p> <p>This was done by introducing a subsidiary level to the rules of <a href="/rules/en/OC5_english.pdf">OC5</a> which contains rules of use for each computing service. These service rules appear on the web (http://www.cern.ch/ComputingRules), but nevertheless have to be approved before changes can be made to them. Some example services are e-mail, NICE and networking. The service rules are additional rules to <a href="/rules/en/OC5_english.pdf">OC5</a>. 
Abuse of the service rules may entail withdrawal of access to the service and/or other sanction as specified in <a href="/rules/en/OC5_english.pdf">OC5</a>.</p> <h4>OC5 and CERN</h4> <p>CERN provides computing resources, network infrastructure, e-mail and other services for the purpose of enabling the physics community to participate in and fulfill the CERN physics programme. Resources are limited and intended to be used in the context of official work. Even if the educational and research aspects of CERN's life - providing an environment conducive to work - introduce the need for a certain amount of freedom of interest and development of ideas, CERN wishes to ensure that the resources it provides to researchers are used in the way they were intended.</p> <p>CERN has a professional standing that it wishes to maintain. Computing and networking technologies have potentially placed users in the public eye, through e-mail discussion lists, news groups, and web sites where each user's contribution carries CERN's name - in the form cern.ch. It is now trivial to "publish" in ways that would not have been imagined a few years ago, bypassing the peer review process that has been normal for our community. Users need to be aware that whatever they place on web pages, send to discussion lists or post to news groups from CERN computing facilities carries CERN's name. People wishing to have their own web sites or e-mail addresses should make use of local Internet Service Providers who offer these services.</p> <p>CERN provides a network infrastructure for the whole site, and collaborating institutes may bring equipment to CERN and connect to CERN's network. All networked equipment on the CERN site is considered to fall under <a href="/rules/en/OC5_english.pdf">OC5</a>. This (as mentioned above) is because abuse in e-mail, news groups, SPAM etc. from networked equipment will appear to originate at CERN and may be detrimental to the organization's image. 
Access from home via CERN facilities, such as Automatic Call Back (ACB), is considered in the same way.</p> <h4>Accounts and Services</h4> <p>Computing resources are allocated to users through the various services, such as accounts on NICE, central services, mail and through network connections. Users are responsible and accountable for the use of their accounts and resources allocated to them. They should take reasonable precautions to prevent other persons from accessing their accounts by choosing good passwords and proper access protection settings. CERN will not tolerate any attempt at unauthorized access to accounts.</p> <p>Some users may be given privileged accounts or access to accounts created for projects or other special reasons. In these cases, the users must only use the accounts for the purpose for which they were intended, and if the user's work changes, he/she must inform the service manager and revoke access to the account(s).</p> <p>Computing resources are often shared and limited. Excessive use by users may impact others. Each service monitors its quality and usage to enable all to work smoothly. Users may accidentally abuse these resources, in which case the service manager will as a general principle take action to protect the service and dialogue with the user concerned to rectify the situation. Refusal by users to cooperate with service managers is not tolerated.</p> <h4>Security</h4> <p>CERN takes a proactive interest in protecting its resources and users' accounts against attacks from persons outside of the Organization. These attacks may take many forms, from e-mail SPAM to forged mail messages appearing to originate from CERN, virus propagation by various means, and unauthorized use of accounts due to various circumstances (compromised passwords, operating system bugs, web server bugs, etc.). Security measures to combat these are implemented for CERN as a whole and by each service, and coordinated through the CERN computer security officer. 
A team, reachable via <a href="mailto:cert@cern.ch">cert@cern.ch</a>, will handle security-related problems. Users who think that their account has been used by someone else, or suspect some other security-related problem, should contact this team or their service manager. In cases of a suspected break-in from outside, the user's account is normally blocked until the situation is resolved and new passwords are enforced. Any private or confidential information revealed during the detection of security problems or subsequent investigation is kept confidential.</p> <p>Services often carry out their own security checks. Some services regularly check for viruses and the existence of suspicious programs using commercial virus scanning software. The virus checking programs may check all user files. If a user is informed that his files are infected by viruses or that suspicious programs have been found in his directory, he must follow the service manager's instructions. Similarly, checks on "good" passwords are performed by some services. These use tools similar to those used by hackers to try to guess passwords. If the tool succeeds in guessing a user's password, then the user will be informed and asked to change it. Refusal by users to cooperate with service managers is not tolerated.</p> <h4>Privacy, Confidentiality, Copyright and Illegal activities</h4> <p>Illegal activities, breach of copyright, dissemination of confidential information, pirating software and commercial activities, to mention a few, are not tolerated.</p> <p>CERN occasionally has special requirements to abide by. For example, CERN often enters into projects with manufacturers and has access to information that is confidential. Users must take appropriate actions to maintain the confidentiality of any such information. 
Similarly, CERN is often given access to licensed software and the conditions of the license agreement must not be violated, particularly by allowing unauthorized persons to have access or to make copies.</p> <p>Should users inadvertently come into contact with confidential information, they must respect its confidentiality.</p> <p>CERN accepts no liability for private or confidential information stored on its computer facilities. This includes all file stores and e-mail. Service managers may have to access private or confidential data in the course of maintaining and providing optimum services and in maintaining the security of the service against outside access. Any such information will be treated with confidentiality.</p> <h4>Personal Use</h4> <p>Networking, or rather the use of the Internet, now pervades almost everyone's life. It is unreasonable, if not impossible, to separate completely work and personal use of facilities such as e-mail, calendaring and address books - to give some trivial examples. In addition, as for the telephone, Internet access is available to most CERN users and some reasonable statement of an acceptable use was felt necessary. Basically the "Rules for personal use" section of <a href="/rules/en/OC5_english.pdf">OC5</a> states that using CERN computing facilities for personal use still means that all the relevant rules and regulations apply with a few additional constraints. For personal use, users must ensure that frequency and duration are limited, that resources used are negligible and that any such use is at a time and priority that does not impact their normal work, for example outside working hours, at lunch break or coffee break.</p> <p>Lastly, the use of CERN's computing facilities as part of CERN's social activities (Clubs etc.) 
is explicitly mentioned as permitted in the context of personal use.</p> </div> <!-- main ends --> <!-- content-wrap ends--> </div> <!-- footer starts --> <div id="footer-wrap"> <div id="footer-bottom"> © Copyright 2024<strong> <a href="https://cern.ch/security">CERN Computer Security Office</a></strong> <table> <tr> <td id="footer-info-left"> e-mail: <a href="mailto:Computer.Security@cern.ch">Computer.Security@cern.ch</a><br/> Please use the following PGP key to encrypt your messages:<br/> ID: 0x954CE234B4C6ED84<br/> <a href="https://keys.openpgp.org/vks/v1/by-fingerprint/429D60460EBE8006B04CDF02954CE234B4C6ED84">429D 6046 0EBE 8006 B04C DF02 954C E234 B4C6 ED84</a> </td> <td id="footer-info-right"> Phone: +41 22 767 0500<br/> Please listen to the recorded instructions. </td> </tr> </table> </div> </div> <!-- footer ends--> </div> <!-- wrap ends here --> <!--img height=30px src="/home/en/CERNfooter_800.png"--> </body> </html>